Credit Union Geek

Marketing, Strategy, and The Force by Joe Winn

Tag: gps

Data Security: Car Edition. Really.

Originally published on CUInsight.com

When you hear “data security”, what comes to mind? Your laptop? Phone? Internet of Things “smart” oven? (I’d hate to let a hacker know how badly I burnt that casserole)

Anything else? How about your computer on wheels?

Modern cars are rolling supercomputers. They have dozens of systems collecting unique data to make your driving experience safer, more enjoyable, and sometimes more distracting. For example, the traction control computer collects information on road conditions hundreds of times a second. However, it’s probably not a source of identity theft (though what could be learned from its records would surprise you). Nor is the network of proximity sensors to help you navigate tight areas.

Your car does contain a number of personalized systems. Let’s look at the big ones:

GPS: Your car knows where it is at all times, where it has been, the paths you take, and even the speed at which those drives were made.

Bluetooth: When you pair your phone, it does more than share a 4-digit code. To automatically reconnect, the car remembers your phone’s unique ID. This isn’t a huge privacy issue on its own, but today’s cars save far more. To make dialing easier, a lot of systems import your contacts and synchronize your text messages. No big deal, just your entire phone book and call/text history.

HomeLink: Do you have buttons on your mirror or visor? Do they open your gate/garage? Then you have HomeLink. These can even support turning on/off lights, though new smart integrations have made that a bit redundant. Combined with the GPS history, this is the biggest privacy risk in your car. The former tells anyone in the car where your house is located. The latter Opens. Your. Home.

Those are the big three. Others vary by manufacturer and features. Things like a custom entry code (many Ford vehicles still use this feature…do not choose a birthday!) are seen on occasion. App integration is becoming more common, making your phone an advanced car key.

So, what of all these features? I’m a huge fan of integrations which make sense, and I use them often. However, I also know there is a level of security necessary. To add a small degree, I never program my actual home address into the GPS. The “point” is around the entrance to my community, not in my driveway. Do you really need those last 4 turns? Granted, someone could just find my address on the registration, but I’m hoping a potential thief is just too dumb to consider such an option. Why make it easy? Note: My garage opener doesn’t reach from the home “point”.

It’s good to know what these features can reveal while you have the car, but what about when you sell it?  Given the privacy/security risk inherent, I find it almost criminal that an easy “I’m selling my car, delete everything” button is not available in every car. For mine, I’ve had to do the following:

  1. Delete my phone pairing from the car.
  2. Remove the “Home” location in my GPS.
  3. Remove all recent waypoints in the GPS.
  4. Reset the HomeLink buttons.
  5. Cancel/transfer satellite radio service (technically, with an active Radio ID, one can use a phishing strategy to get my personal information from SiriusXM)

You’re right, there is no direct credit union guidance in this post. However, given my recent experience in buying a new car, I felt it necessary enough to share. Be honest, how many cars do you think are traded-in with the prior owner’s home address and garage code?

Help protect your staff and membership by sharing this with everyone! (And along with every booked loan)

Image credit: That’s me, while owning two cars.

How can I tell if my car has been hacked?

  • When you drive, does your GPS talk back with more attitude than normal?
  • Do you find your car going on late-night ice cream runs?
  • Has your car strangled you or your family? More than once?
  • Will your car refuse to perform rolling stops or turn right on red?

If you can say “yes” to any of these, then your car may be hacked. But don’t panic! It’s equally likely your car has just been possessed by a hungry ghost.

We are all acclimated to the security risks on our computers and phones; you update often, avoid sketchy websites, and don’t download questionable software. However, the king of the open road has never dealt with these challenges. Our cars were a sanctuary. The only risk was of being involved in one of 10.8 million accidents per year. But hacking? Leave that to the computers!

Today, your car is a computer as well. In fact, it’s more computer than your computer. Besides the OBD2 service plug under your dashboard, it is a veritable treasure trove of calculating machines. Anti-lock brakes, stability control, airbags, roll compensation, variable headlights, lane guidance, and more all run computations hundreds of times per second. Not to mention the entertainment systems which are more tightly integrated into car operations each year.

News stories describing vehicle hacking sensationalize the event, making it difficult to know whether the problem uncovered is a true risk. Perhaps, then, we cannot blame people for being afraid of their next car being the victim of hackers. A recent survey conducted by Kelley Blue Book put numbers to the suspicions. Of note, nearly half (41%) would consider vehicle security provisions during their next purchase. Over half (58%) felt a permanent solution to the problem will never be found.

That group is correct. If computer code is more complex than “Hello, world!”, it has bugs. Just as your body has a variety of protections against sickness, from skin to an immune system, sometimes both our bodies’ and our computers’ code gets “colds”. The concern is in severity. A small rash might be an inconvenience, but the flu can put you out of commission for days. Same too with the computer. If the bug is serious enough, and a hacker (like a virus) can infect deeply into the system, then the system can be taken over.

The key to ensuring car hacking does not become a safety issue is in the ability to get fixes to the vehicles. Tesla designed their Model S (and all future vehicles) with a wireless update capability, much like your phone. When it’s plugged in and charging, it checks for updates, which can fix security and stability bugs, as well as add new features. Your next drive is then more secure. The Jeep Cherokee you heard was hacked (luckily by good guys) has no such feature, and must either be driven to a dealership or manually updated with a USB drive.

Luckily for Chrysler, people don’t yet see their cars as they do their phones. From a technical standpoint, they’re the same; Internet-connected devices that you depend upon to just work. In the aforementioned survey, 64% would elect to drive to a dealership for a security update to be installed. Would you drive to the Apple Store, wait in line, then wander around the mall for an hour while the latest update is set up on your phone? Of course not. You’d demand better. It’s only a matter of time until this migrates to cars.

Your credit union (you didn’t think I’d get to you, but I did!) has strong security features in place. Your members’ personal and financial information must never fall into the wrong hands, or any other hands, for that matter. But vulnerabilities exist and there are always those looking to exploit for their own ends. Does your IT team ensure both technical problems and human error cannot compromise your core LOS? What about your members? If your last security notice to them was a red bar on your website, they didn’t understand. In the same way you provide financial literacy education, help your members keep a safer digital life. Share the procedures in place at your own branches…does anyone use “password” as their password?

In today’s always-connected society, you are likely the most security-conscious entity your members directly encounter in their daily life. Help them be as great as you at conducting safe online practices. Consider yourself the wireless updates for your members’ security features.

But watch out for that moody GPS. Your delightful British accent isn’t fooling anyone!

Update: Another report has surfaced that the OBD2 port mentioned above connects to an inherently insecure platform, the CAN bus. It’s ok, it’s only on every car made in the last 20 years. However, devices that give the port wireless capabilities, like OnStar or insurance monitoring attachments, put your vehicle more at risk. Me? I’m keeping that port empty, especially given all the self-driving systems on my car. 

Image credit: http://blogthinkbig.com/wp-content/uploads/2014/01/hackers-new-cars1-620×413.jpg

The Future, Less the Rocket Packs

Actually, it’s not the future until we all have hoverboards. It’s 2014, and I want my hoverboard! Tech industry: You have one more year.

Turns out, revolutionizing our methods of travel didn’t quite pan out, yet. We don’t fly in glass bubble ships a-la Jetsons, nor do we have the flying cars depicted in Fifth Element (Is he really the taxi driver you want? Only if you want to save the universe.)

What we do have is an incredible level of interconnectedness. Devices can communicate across the globe, each end remaining completely wireless. Voices and music can spring into our ears from a phone 30 feet away, and all we need is a small headset which lets the world know you are oblivious by its consistent blue flash. It seems like everything can talk to everything else, and my data is accessible where ever I need it.

This is only the beginning of what is called The Internet of Things.

Imagine waking up one day to a slight vibration from your wrist-mounted activity monitor (which, of course, analyzed your sleep patterns to wake you at the best possible time). Upon noting you are up and moving, the monitor notifies your home lighting to illuminate a path to the bathroom. While there, you weigh yourself (lost a pound, yeah!), which is automatically uploaded into your daily nutrition log. By the time you get to the kitchen, your toaster has already pre-heated for the waffle it’s anticipating you will have (since your nutrition profile today has accounted for your improved weight/BMI). Fast-forward to leaving for work, and as you drive out of the garage, you realize you forgot to switch off the lights, adjust the A/C, and even set the alarm. Is the fan still on? No worries, your phone detects it has left the house, and as the garage doors close, the lighting shuts off, A/C switches to an energy-efficient schedule, alarm arms itself, and fans shut down. Not knowing this, you quickly say, “Hey, Siri, is my home secured?” “Your home is set for away mode. All accessories have been switched to your pre-set schedule. Don’t worry!” “Thanks, Siri, now play my favorite music playlist.”

Sounds like a wild future, right? Except you can do all of that right now, with products available on store shelves (or at least online).

Companies are aiming to become the master of your domain, literally. At Google’s recent developer conference, they announced a home automation platform upon which products and software can be developed so that everything talks to each other. Same ideas in mind, last month, Apple announced HomeKit, a platform designed, in their words, to be, “a new framework for communicating with and controlling connected devices in a user’s home.”

This is the type of future your members will expect. Where everything communicates with everything else, and not just swaps data, but can provide valuable information from this interaction. Your member has just changed their mailing address and, one month later, their last name. The CU system “of the future” then automatically notifies you that they are likely just married (or divorced). Can you see how having that information brought to light might help your efforts? And for your members, a banking platform that can detect they have been visiting car dealerships lately, and sends a notice asking if they would like to get pre-approved for a loan.

The Internet of Things is in its infancy, and these situations are likely only the tip of an iceberg capable of changing our lives as much as introducing the personal computer or the Internet.

How is your credit union planning for a connected future?

© 2017 Credit Union Geek

Theme by Anders NorenUp ↑